Legal

Privacy Policy

Last updated: 2026-05-12

1. Personal Data We Collect

We collect the following personal data to provide Imvento's commerce management services:

  • Business contact fields: trade name, business registration number, tax ID, contact email, contact phone, address, city, province, postal code
  • Authentication data: email and phone (via Supabase Auth), identity verification data
  • Operational data: inventory movement records (linked to user IDs), branch and brand associations
  • Technical data: IP addresses (Cloudflare logs), user behavior (PostHog, if consented)

2. Why We Collect Your Data

We process your personal data for the following purposes:

  • Billing: Process subscriptions, issue invoices, comply with tax regulations
  • Fulfillment: Manage inventory, process orders, coordinate deliveries
  • Support: Provide customer service, troubleshoot issues, notify of system updates
  • Security: Prevent fraud, protect business data, and maintain audit records

3. Data Sharing

We share personal data with 8 third-party processors:

  1. Supabase: Database hosting, authentication (email/phone)
  2. Cloudflare: API hosting (Workers), KV storage, request logs
  3. Stripe: Platform billing (email, payment data)
  4. PayMongo: PH storefront payments (GCash, Maya, card data)
  5. PostHog: Analytics (user behavior) — loaded only with your consent
  6. Resend: Email delivery (transactional emails)
  7. Semaphore: SMS/OTP delivery (verification codes)
  8. Sentry: Error monitoring (error reports, no personal data beyond user ID)

4. Your Data Rights

Under the PH Data Privacy Act (RA 10173) and GDPR, you have the right to:

  • Export your data: Contact support or use available in-app account tools when data export is enabled for your account
  • Request erasure: Request deletion of business data through support or available in-app account tools
  • Withdraw consent: Clear cookie consent in your browser to stop PostHog tracking

5. Cookie Usage

We use cookies for:

  • PostHog: Analytics cookies (only set after consent)
  • Cloudflare: Security and performance cookies (essential, cannot be disabled)
  • Authentication: Supabase session cookies (essential for logged-in access)

6. PH Data Privacy Act Compliance

Imvento complies with Republic Act 10173 (Data Privacy Act of 2012). We implement appropriate organizational, physical, and technical security measures to protect your personal data. We retain data only as long as necessary for the purposes collected or as required by law.

7. Contact Us

For privacy concerns, data requests, or to reach our Data Protection Officer:

Email: dpo@imvento.com

Terms of Service|Back to Home